logo

Expense Fraud Detection API

Employees don’t forge receipts anymore — they regenerate them. A modified PDF looks identical to the original. A single API call reveals whether a receipt, hotel folio, or mileage log was fabricated or edited — at the structural layer that the file cannot hide.

~3 sec
per document
36 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth

Scope

HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect mobile photos of paper receipts. For digital PDFs (hotel folios, airline itineraries, ride-share receipts, restaurant invoices), we’re the most specific tool for detecting fabrication and tampering.

T&E platforms catch policy violations. They don’t catch document fraud

Concur, Expensify, Ramp, and Brex use OCR to extract amounts and categories. They catch duplicate submissions and out-of-policy categories. They don’t check whether the PDF was edited after creation.

The average company loses 5% of annual T&E spend to expense fraud — a median of $1.9 million annually at mid-market companies. The most common method: modified PDF receipts. An employee edits a $45 restaurant receipt to $145, re-saves the file, and submits it. The content looks identical; the file structure records the edit.

Receipt generators produce entirely fabricated hotel folios, restaurant invoices, and mileage logs. The producer signature of a generator tool is distinct from that of a real hotel property management system — readable in the binary layer of the PDF. See the fake receipt detection guide for document-type specifics.

Common expense fraud patterns

  • Restaurant receipt total inflated in a PDF editor before submission
  • Hotel folio with room rate, dates, or extras modified
  • Receipt generated with an online template tool for a meal that never happened
  • Mileage log or per-diem claim self-produced with inflated figures
  • Flight itinerary copied and dates edited to match a personal trip

What the API detects in expense receipts

Five forensic layers analyzed on every receipt — results in under 3 seconds

Producer signature match

Real merchant and platform exports have recognizable producer signatures. Marriott, Hilton, Hyatt, Uber, and airline systems produce consistent fingerprints. Generator tools and editors leave different ones.

Incremental update detection

Any post-export edit produces a structural fingerprint in the xref chain. A hotel folio or restaurant receipt with two xref tables was modified after the original system export.

Arithmetic consistency

Line items, taxes, service charges, and totals are checked for internal reconciliation. One altered figure breaks the chain — the most common signature of amount inflation.

Font subset prefix divergence

Multi-session edits leave page-to-page font subset shifts. Folios with multiple edited sections show this pattern across the document.

Text vs. raster layer agreement

Text edits on rasterized receipt images break agreement between the text and visual layers — a clean signal for amount substitutions on scanned-style receipts.

Modification date after expense date

The PDF ModDate updates automatically when a file is edited. A hotel folio ModDate weeks after the stated checkout date is a direct tampering signal.

Built for finance controllers and T&E operations

Integrate into your expense workflow or use the free tool for audit spot-checks

Catch inflated restaurant receipts where amounts were changed before submission

Detect hotel folios modified to add nights, inflate room rates, or change dates

Flag receipts generated with online template tools rather than real merchant systems

Identify mileage logs and per-diem claims self-produced with inflated figures

Integrate with Concur, Expensify, Ramp, or Brex via webhook at receipt upload

Every check produces a named-marker audit record for internal audit and finance compliance

Five forensic layers, one deterministic verdict

Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.

01

Metadata analysis

Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.

02

File structure

Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.

03

Digital signatures

Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.

04

Content integrity

Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.

05

Verdict with markers

Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.

See the full 36-check breakdown

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

Integrate in minutes

Two calls: POST to analyze, GET to retrieve the result.

Request

bash
curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://your-storage.com/hotel-folio-may2025.pdf"}'

Result (GET /v1/result/{id})

json
{
  "id": "e5f6a7b8-c9d0-1234-efab-567890123456",
  "status": "modified",
  "modification_confidence": "high",
  "modification_markers": [
    "Multiple cross-reference tables (incremental updates)",
    "Known PDF editing tool detected"
  ],
  "creator": "Marriott Property Management System",
  "producer": "PDF24",
  "creation_date": 1745539200,
  "modification_date": 1745712000,
  "has_digital_signature": false,
  "xref_count": 2,
  "has_incremental_updates": true
}

creator: “Marriott Property Management System” with producer: “PDF24” means the hotel folio originated from the hotel’s PMS but was subsequently processed through a free online PDF editor — the hotel folio fraud pattern. The modification date two days after the creation date (checkout) confirms the post-stay editing session.

Pricing

Self-serve plans. No sales call, no procurement process.

Starter

$15/mo

30 checks/mo

Manual audit spot-checks for high-value expenses

Growth

$149/mo

350 checks/mo

Active T&E operations teams

Pro

$499/mo

1,500 checks/mo

High-volume expense processing and automated audit

Enterprise (unlimited, on-premise available) — see full pricing and docs

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Frequently Asked Questions

Won’t every receipt look edited if employees forward it by email?

Forwarding an email attachment doesn’t edit the PDF. The PDF’s file structure only changes when the file is re-saved through a tool. Forwarded originals return INTACT.

Can this catch AI-generated receipts?

AI-generated receipts carry distinct structural fingerprints — producer signatures, font subsets, object layouts — that differ from authentic merchant exports. HTPBE? flags them as non-authentic.

Does this work with Concur, Expensify, Ramp, or Brex?

Yes. The API is stack-agnostic — any T&E platform that accepts PDF uploads and can make an outbound HTTPS call can integrate via webhook or pre-processing step.

What about mobile-scanned receipt photos?

Raster photos have no PDF structure to analyze. PDFs produced by a scanner or mobile scanning app still work if the app generates an authentic digital export. Pair with image-forensics tooling for pure photo flows.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Secure your workflowView API docs

Related: Fake receipt detection technical guide →

Integrate expense fraud detection in any stack

Two API calls — submit the receipt PDF, read the verdict. Copy-paste examples for cURL, JavaScript, Python, PHP, Go, and Ruby.

bash
# Step 1: Submit PDF for analysis
curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer htpbe_live_..." \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com/document.pdf"}'
# Returns: {"id":"3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"}

# Step 2: Retrieve full results
ID="3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"
curl -s "https://api.htpbe.tech/v1/result/$ID" \
  -H "Authorization: Bearer htpbe_live_..." \
  | jq '.status'